6145 matches found

OSV
added 2 days ago, 6 views

ROOT-OS-DEBIAN-12-CVE-2025-40070 CVE-2025-40070 in rootio-linux - Patched by Root

Root has patched CVE-2025-40070 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...

AI score 7.8 | EPSS 0.00063
Exploits: 0

OSV
added 2 days ago, 5 views

ROOT-OS-DEBIAN-12-CVE-2025-38154 CVE-2025-38154 in rootio-linux - Patched by Root

Root has patched CVE-2025-38154 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...

CVSS 7.8 | AI score 7.2 | EPSS 0.0007
Exploits: 0

EUVD
added 6 days ago, 4 views

EUVD-2026-33330

A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetPortTr of the file /goform/formSetPortTr. Performing a manipulation of the argument specialname results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit...

CVSS 6.5 | AI score 7.1 | EPSS 0.00041
Exploits: 1 | References: 4

EUVD
added 6 days ago, 7 views

EUVD-2026-33322

A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of the file /goform/formSetRoute. This manipulation of the argument ip/mask/gateway causes stack-based buffer overflow. The attack is possible to be carried out remotely. The...

CVSS 9 | AI score 7.8 | EPSS 0.00041
Exploits: 1 | References: 4

Vulnrichment
added 6 days ago, 6 views

CVE-2026-10061 TRENDnet TEW-432BRP formWPS command injection

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor...

CVSS 6.5 | AI score 6.3 | EPSS 0.01058
Exploits: 1 | References: 4

ATTACKERKB
added 6 days ago, 8 views

CVE-2026-10061

A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. Affected is the function formWPS of the file /goform/formWPS. The manipulation of the argument peerPin results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor...

CVSS 6.5 | AI score 6.3 | EPSS 0.01058
Exploits: 1 | References: 4 | Affected Software: 1

Snyk
added 2026/05/28 3:08 a.m., 6 views

Incorrect Authorization

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Authorization via the user-facing APIs when the Organizations feature is disabled. An attacker can...

CVSS 7.1 | AI score 5.8 | EPSS 0.00028
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/23 12:00 a.m., 6 views

PT-2026-43096

Name of the Vulnerable Software and Affected Versions Dolibarr ERP CRM version 7.0.3 Description Unauthenticated attackers can achieve remote code execution by injecting PHP code through the db name parameter. This is performed by sending a POST request to the 'install/step1.php' endpoint...

CVSS 9.8 | AI score 6.4 | EPSS 0.0061
Exploits: 1 | References: 7

CBLMariner
added 2026/05/18 8:36 p.m., 5 views

CVE-2026-6478 affecting package postgresql for versions less than 16.14-1

CVE-2026-6478 affecting package postgresql for versions less than 16.14-1. An upgraded version of the package is available that resolves this issue...

CVSS 6.5 | AI score 5.8 | EPSS 0.00076
Exploits: 0

IBM Security Bulletins
added 2026/05/11 9:05 a.m., 6 views

Security Bulletin: IBM Integration Bus for z/OS webui is potentially vulnerable to an clickjacking attack ( CVE-2026-1353 )

Summary IBM Integration Bus for z/OS webui is potentially vulnerable to an clickjacking attack. Vulnerability Details CVEID:CVE-2026-1353 DESCRIPTION: IBM App Connect Enterprise could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious...

AI score 5.8
Exploits: 0 | Affected Software: 1

Snyk
added 2026/05/07 3:27 p.m., 4 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation via incorrect handling of name constraints during certificate validation. An attacker can bypass critical certificate validation checks by presenting a certificate chain where permitted name constraints a...

CVSS 9.1 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/05 12:00 a.m., 3 views

PT-2026-37076

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A misleadingly named function copy user nocache was identified as a specialty memory copy routine that uses non-temporal stores for the destination and provides exception handling for bo...

CVSS 9.8 | AI score 5.7 | EPSS 0.00078
Exploits: 0 | References: 54

Positive Technologies
added 2026/05/05 12:00 a.m., 6 views

PT-2026-37062

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description List corruption and Use-After-Free UAF issues exist in the Bluetooth MGMT command complete handlers. These issues stem from a change in the mgmt pending valid function, which validates a...

CVSS 7.8 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 16

Positive Technologies
added 2026/05/04 12:00 a.m., 3 views

PT-2026-36744

Name of the Vulnerable Software and Affected Versions Gym Management System In PHP and Windows NT 1.0 affected versions not specified Description A remote SQL injection can be triggered through the manipulation of the day argument in the '/index.php' endpoint. SQL injection is a type of flaw that...

CVSS 6.5 | AI score 6.6 | EPSS 0.00031
Exploits: 0 | References: 7

Positive Technologies
added 2026/05/03 12:00 a.m., 2 views

PT-2026-36696

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN570HA1 version R70HA1 V1410 221110 Description A remote command injection issue exists in the ping ddns function within the '/cgi-bin/adm.cgi' endpoint. Manipulating the DDNS argument allows an attacker to execute arbitrary comman...

CVSS 6.5 | AI score 6.8 | EPSS 0.01713
Exploits: 1 | References: 6

Positive Technologies
added 2026/05/03 12:00 a.m., 2 views

PT-2026-36694

Name of the Vulnerable Software and Affected Versions Wavlink WL-WN570HA1 version R70HA1 V1410 221110 Description A command injection issue exists that allows remote attackers to execute arbitrary commands. The flaw is located in the set sys adm function within the '/cgi-bin/adm.cgi' endpoint,...

CVSS 9.8 | AI score 6.8 | EPSS 0.00332
Exploits: 1 | References: 11

Positive Technologies
added 2026/05/02 12:00 a.m., 2 views

PT-2026-36602

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-821DAP version 1.12B01 Description An issue exists in the Firmware Update component within the '/www/cgi/ssi' file. This flaw allows for the remote cleartext transmission of sensitive information. The attack is characterized by hi...

CVSS 6.3 | AI score 5.8 | EPSS 0.00014
Exploits: 1 | References: 8

Positive Technologies
added 2026/05/02 12:00 a.m., 1 view

PT-2026-36603

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-821DAP versions prior to 1.12B01 Description An issue exists in the Firmware Update Handler component within the cameo dev.sh file. Specifically, the platform do upgrade cameo dev function fails to sufficiently verify data...

CVSS 6.3 | AI score 5.6 | EPSS 0.00034
Exploits: 1 | References: 8

Positive Technologies
added 2026/05/02 12:00 a.m., 2 views

PT-2026-36600

Name of the Vulnerable Software and Affected Versions School App developed by Zyosoft affected versions not specified Description An Insecure Direct Object Reference IDOR issue exists, where authenticated remote attackers can modify a specific parameter to read and modify data belonging to other...

CVSS 8.6 | AI score 5.8 | EPSS 0.00049
Exploits: 0 | References: 8

Positive Technologies
added 2026/05/01 12:00 a.m., 3 views

PT-2026-36512

Name of the Vulnerable Software and Affected Versions socketcand version 0.4.2 Description A buffer overflow occurs in the main function within the socketcand.c file. This issue allows attackers to cause a denial of service or other unspecified impacts by using a crafted bus name variable...

CVSS 7.5 | AI score 6 | EPSS 0.00057
Exploits: 0 | References: 5